Bleach is a Python module that takes any HTML input, and returns valid, sanitised HTML that contains only an allowed subset of HTML tags, attributes and styles. django-bleach is a Django app that makes using bleach extremely easy.
Bleach 6 has been released and is due to be the final version of bleach because it is now deprecated due to html5lib being unmaintained. Further details here.
The significant changes required to support version 6 are;
bleach.clean, bleach.sanitizer.Cleaner,
bleach.html5lib_shim.BleachHTMLParser: the tags and protocols
arguments were changed from lists to sets.
bleach.clean(
"some text",
tags={"a", "p", "img"},
# ^ ^ set
protocols={"http", "https"},
# ^ ^ set
)
bleach.linkify, bleach.linkifier.Linker: the skip_tags and
recognized_tags arguments were changed from lists to sets.
bleach.linkify(
"some text",
skip_tags={"pre"},
# ^ ^ set
)
Bleach 6 has been released and is due to be the final version of bleach because it is now deprecated due to
html5libbeing unmaintained. Further details here.The significant changes required to support version 6 are;
bleach.clean,bleach.sanitizer.Cleaner,bleach.html5lib_shim.BleachHTMLParser: thetagsandprotocolsarguments were changed from lists to sets.bleach.linkify,bleach.linkifier.Linker: theskip_tagsandrecognized_tagsarguments were changed from lists to sets.